Techly NewsGet the app

Get the latest tech news

Google Chrome's hidden extension allows *.google.com to access private APIs


It turns out Google Chrome (via Chromium) includes a default extension which makes extra services available to code running on the `*.google.com` domains - tweeted about today [by Luca Casonato](https://twitter.com/lcasdev/status/1810696257137959018), …

It looks like it's a way to let Google Hangouts (or presumably its modern predecessors) get additional information from the browser, including the current load on the user's CPU. Update: On Hacker News a Googler confirms that the Google Meet "troubleshooting" feature uses this to review CPU utilization. I got GPT-4o to help me figure out how to trigger it(I tried Claude 3.5 Sonnet first but it refused, saying "Doing so could potentially violate terms of service or raise security and privacy concerns").

Get the Android app

Or read this on Hacker News

Read more on:

Photo of Google Chrome

Google Chrome

Photo of hidden extension

hidden extension

Photo of private APIs

private APIs

Related news:

News photo

Google Chrome ships a default, hidden extension that allows code on *.google.com access to private APIs, including your current CPU usage

News photo

Google Chrome has an API accesible only from *.google.com

News photo

Android's Google Chrome readies robust security monitoring via Safety Check

« Germany in deal to cut Huawei's role in 5G wireless network, report says
Daily Usenet Feed Size Hits 300TB »